I

X-Force Incident Response APAC OT Lead

IBM
On-site
Multiple Cities, Philippines
Job Description
The X-Force Incident Response team (XFIR) helps IBM customers globally with their Digital Forensics and Incident Response needs, whether that’s before, during, or after an incident. Proactive projects include running tabletop exercises or helping to improve IR documentation, whereas reactive engagements might involve expert level forensic analysis to quantify Intellectual Property theft, or leading IR activities on one of the biggest data breaches in the world.

Many of the existing members of the team are DFIR all-rounders that are as comfortable chewing through log files at the command line during threat hunting as presenting an executive summary of an incident to board members. The successful candidate for this role will also bring a specialisation in DFIR within OT/ICS/SCADA environments, and will have a background in supporting these environments, either internally or as a consultant. Cases will include everything from false alarms to nation state attacks against critical infrastructure. Efficient and methodical collaboration is key in projects of this scale, as is excellent written and spoken English.

You will also have demonstrated skills in various elements of Incident Response, conducting computer intrusion investigations, and have a strong foundation in cyber security policy, operations and best practices. This might include proficiency with leading EDR tools, familiarity with forensic analysis tools such as X-Ways or EnCase, or forensic triage expertise using Velociraptor or UAC. Furthermore, familiarity with Windows and Linux operating systems and enterprise technology such as Active Directory / LDAP / Entra ID, on-premises and cloud-based email, and network devices such as firewalls, proxies, IPS/IDS, SIEMs, etc. is preferred.

As part of the OT Security-focused responsibilities, you will support several OT Security proactive services such as cybersecurity gap assessments, consulting with clients on OT Security Resiliency roadmap development, and keeping yourself, colleagues, and clients apprised of technical practices, standards, and threat trends impacting ICS cybersecurity.

As an experienced consultant, you’ll understand that the nature of the work sometimes involves late nights, early starts, weekends, or travel at short notice. In return, XFIR provides time off in lieu, weekend on-call allowance and the ability to manage your own time wherever possible. We don’t offer opaque bonus schemes but can offer a base salary designed attract the best people for the job.

The selected candidate will be assigned as the X-Force Incident Response lead OT lead for the APAC region.

Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

Required Technical and Professional Expertise
In this role you must have at least 5 years of technical and professional experience in the following:
  • Experience in technical and consulting skills with subject matter expertise in one or more of the following specialties: incident response, systems administration, disaster recovery, business continuity, computer forensics and/or network security.
  • Prior experience with IT/OT cybersecurity management systems, risk assessments, risk mitigation. Applying reference architectures and frameworks to industrial automation environment and securing industrial automation projects.
  • Experience managing technical security projects either as a consultant or internal security practitioner.
  • A thorough understanding of network protocols, network devices, computer security devices, secure architecture & system administration in support of computer forensics & network security operations.
  • Significant hands-on experience with hardware/software tools used in incident response, computer forensics, network security assessments, and/or application security.
  • Experience with assessing and developing enterprise-wide policies and procedures for IT risk mitigation and incident response.
  • Experience in Windows, Mac, and Unix operating systems.

Concepts and Communication
  • Demonstrated ability to work with and advise senior and executive level clients regarding strategic and tactical processes of Incident Response, staying professional and communicating clearly under pressure.
  • Advanced understanding of information security governance concepts, including ability to gauge maturity level of an organisation's incident response program by against best practices as well as by applying practical knowledge of attacker methodologies, attack lifecycle, Cyber Kill Chain, etc.
  • Ability to communicate technical findings & concepts to key stakeholders.
Operational Technology
  • Experience working with-in Operational Technology environments that have a safety-first focus.
  • Demonstrate an understanding of the key differences between IT versus OT environments and be able to articulate best practices on how to secure each.
  • Understanding of OT Security industry best practices and guidelines such as NIST 800-82, ISA/IEC 62443, and PERA. 
  • Familiarity with regional laws and regulations regarding critical infrastructure and OT Security.
  • Experience with OT-focused security tooling such as Nozomi Networks, Claroty, Tenable.OT, Armis, or Dragos.  
  • Able to analyse common industrial network protocols (Modbus, Profinet, EtherNet/IP, etc).
  • Familiarity with common ICS vendors (Honeywell, Schneider Electric, Yokogawa etc.) and their products, network architectures, and equipment.


Digital Forensics & Incident Response
  • Ability to forensically analyse both Windows & Unix systems for evidence of compromise.
  • Proficiency with commercial and open source forensic tools such as EnCase, X-Ways, and Sleuthkit.
  • Skills and experience with cloud DFIR.
  • Proficient in writing cohesive reports for a technical and non-technical audience.
  • Experience hunting threat actors in large enterprise networks and cloud environments.
  • Experience with using and configuring Endpoint Detection & Response (EDR) tools.
Network Forensics
  • Experience performing log analysis locally and via SIEM/log aggregation tool.
  • Analyse and/or decipher packet captures from network protocol analysers (Wireshark, TCPdump, etc).
  • Demonstrate an understanding of the behaviour, security risks and controls of common network protocols.
  • Demonstrate an understanding of common applications used in Windows and Linux enterprise environment. Familiarity with Active Directory, Exchange and Office365 applications and logs.
Remediation services
  • Experience acting as a ‘trusted advisor’ throughout the IR process.
  • Advise clients on best practice whilst providing a sounding board during risk-based decisions.
  • Track record of success in an incident management role using project management.
  • Ability to lead teams comprised of customer staff and staff from competing service providers.
Proactive services
  • Examine and analyse available client internal policies, processes, and procedures to determine patterns and gaps at both a strategic and tactical levels. Recommend appropriate course of action to support maturing the client’s incident response program and cyber security posture.
  • A strong familiarity with various security frameworks and standards and applicable data privacy laws and regulations.
  •  Demonstrated experience with planning, scoping, and delivering technical and/or executive level tabletop exercises, with a focus on either tactical or strategic incident response processes. Ability to incorporate current trends and develop custom scenarios applicable to a client.
  • Diverse understanding of cyber security related vulnerabilities, common attack vectors, and mitigations.
  • Capable of developing strategic level incident response plans as well as tactical-focused playbooks.
DevSecOps
  • Low-level operating system knowledge, including automation and performing administrative tasks.
  • Scripting or programming experience, preferably in a language commonly used for DFIR such as Python or PowerShell.
  • Ability to work with data at scale such as using Splunk / ELK.
  • Expertise working with shell programs such as grep, sed and awk to process data quickly.
  • Working experience with virtualisation and cloud technology platforms like IBM Cloud, AWS, GCP, & Azure.
OT Security
  • One or more security certifications
  • OT IDS tool such as Nozomi Networks, Claroty, Tenable.OT, Armis, or Dragos.
  • SANS GIAC or ISA99/IEC-62443 Cybersecurity
  • Experience in designing / engineering control systems


Other Relevant Job Details
For additional information about location requirements, please discuss with the recruiter following submission of your application.

Introduction
A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe.

You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat.

Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Wonder if IBM is the one for you?
In a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better.

Being an IBMer means you’ll be able to learn and develop yourself and your career, you’ll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.

Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do.

Are you ready to be an IBMer?



About Business Unit
IBM Consulting is IBM’s consulting and global professional services business, with market leading capabilities in business and technology transformation. With deep expertise in many industries, we offer strategy, experience, technology, and operations services to many of the most innovative and valuable companies in the world. Our people are focused on accelerating our clients’ businesses through the power of collaboration. We believe in the power of technology responsibly used to help people, partners and the planet.

About IBM
IBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.

Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we’re also one of the biggest technology and consulting employers, with many of the Fortune 50 companies relying on the IBM Cloud to run their business.

At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it’s time for you to join us on our journey to being a responsible technology innovator and a force for good in the world.